CyberSecurityBoard
Sponsor Register Login

Microsoft finds default Kubernetes Helm charts can expose data

Microsoft warns about the security risks posed by default configurations in Kubernetes deployments, particularly those using out-of-the-box Helm charts, which could publicly expose sensitive data. A report published by security researchers Michael Katchinskiy and Yossi Weizman of Microsoft Defender for Cloud Research highlights three cases as examples of a broader security issue that puts Kubernetes workloads at risk. To mitigate the risks, Microsoft recommends carefully reviewing the default configuration of Helm charts to evaluate it from a security perspective, ensuring that it includes authentication and network isolation. Users inexperienced with cloud security often deploy those Helm charts as they are, unintentionally exposing services to the internet and allowing attackers to scan and exploit misconfigured applications. However, as highlighted in Microsoft's report, in many cases, the default settings in those charts lack proper security measures. The researchers highlight three cases of Helm charts that put Kubernetes environments at risk of attacks, summarized as follows. Helm is a package manager for Kubernetes, and charts are templates/blueprints for deploying apps on the platform, providing YAML files that define key resources needed to run an app. "Default configurations that lack proper security controls create a severe security threat," warns the Microsoft researchers. In many cases, those Helm charts required no authentication, left exploitable ports open, and used weak or hardcoded passwords that were trivial to break.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 05 May 2025 19:20:06 +0000


Cyber News related to Microsoft finds default Kubernetes Helm charts can expose data

Helm: Simplifying Kubernetes Deployments - As a Kubernetes package manager, Helm greatly streamlines and simplifies deployment processes. In this article, we will delve deeply into Helm and explore how it facilitates the easier management of Kubernetes deployments. Templates: Helm uses ...
1 year ago Feeds.dzone.com
Microsoft finds default Kubernetes Helm charts can expose data - Microsoft warns about the security risks posed by default configurations in Kubernetes deployments, particularly those using out-of-the-box Helm charts, which could publicly expose sensitive data. A report published by security researchers Michael ...
2 weeks ago Bleepingcomputer.com
CVE-2021-21303 - Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few ...
2 years ago
CVE-2023-40026 - Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm before 2.3), using a specifically-crafted Helm file could reference external ...
1 year ago
Auditing Kubernetes with Open Source SIEM and XDR - Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit ...
2 years ago Thehackernews.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
7 months ago Aws.amazon.com
Rootkit Turns Kubernetes from Orchestration to Subversion - As software development focuses on continuous integration and deployment, orchestration platforms like Kubernetes have taken off, but that popularity has put them in attackers' crosshairs. Most successful attacks - at least those publicly reported - ...
1 year ago Darkreading.com
CVE-2020-11013 - Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to lookup resources in the cluster to check for the existence of specific ...
4 years ago
CVE-2024-26147 - Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins ...
1 year ago
Protecting against new Kubernetes threats in 2024 and beyond - A wave of new attacks targeted Kubernetes in 2023: Dero and Monero crypto miners, Scarleteel and RBAC-Buster. Finding an initial foothold with a web app vulnerability, then moving laterally is the hallmark of a Kubernetes attack. Understanding the ...
1 year ago Venturebeat.com
CVE-2022-36049 - Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the ...
2 years ago
CVE-2022-23525 - Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the _repo_package. The _repo_ package contains a handler that processes the index file of a repository. For ...
2 years ago
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
XM Cyber Launches Kubernetes Exposure Management to Intelligently Protect Critical Container Environments - PRESS RELEASE. HERZLIYA, Israel, Nov. 29, 2023 /PRNewswire/ - XM Cyber, the leader in hybrid cloud exposure management, today announced new capabilities that provide complete and continuous visibility into risks and vulnerabilities in Kubernetes ...
1 year ago Darkreading.com
CVE-2024-29037 - datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version 0.1.143 and prior to version 0.2.182, due to configuration issues in the helm chart, if there was a successful ...
1 year ago
Kubernetes Vulnerability Let Attackers Take Full System Control - A new vulnerability, CVE-2023-5528, has been discovered with Kubernetes. This vulnerability is associated with a command injection vulnerability that leads to remote code execution with SYSTEM-level privileges on the compromised Windows node. The ...
1 year ago Gbhackers.com CVE-2023-5528 CVE-2023-3676
CVE-2022-36055 - Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the _strvals_ package that can cause an out of memory panic. The _strvals_ package ...
1 year ago
CVE-2023-25165 - Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP ...
2 years ago
CVE-2021-32690 - Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to ...
2 years ago
Dual Privilege Escalation Chain: Exploiting Monitoring and Service Mesh Configurations and Privileges in GKE to Gain Unauthorized Access in Kubernetes - While each issue might not result in significant damage on its own, when combined they create an opportunity for an attacker who already has access to a Kubernetes cluster to escalate their privileges. If an attacker has the ability to execute in the ...
1 year ago Unit42.paloaltonetworks.com
Kubernetes DaemonSet: Monitoring in Kubernetes - That's why it makes sense to collect logs from every node and send them to some sort of central location outside the Kubernetes cluster for persistence and later analysis. A DaemonSet in Kubernetes is a specific kind of workload controller that ...
1 year ago Feeds.dzone.com
CVE-2024-25620 - Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be ...
1 year ago
Patch Now: Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes - A security bug in the widely used Kubernetes container-management system allows attackers to remotely execute code with System privileges on Windows endpoints, potentially leading to full takeover of all Windows nodes within a Kubernetes cluster. ...
1 year ago Darkreading.com CVE-2023-5528 CVE-2023-3676
Microsoft Warns Default Helm Charts May Expose Kubernetes Apps to Data Leaks - Microsoft Defender for Cloud can help organizations identify these vulnerabilities through alerts on exposed Kubernetes services and visualization of internet-exposed workloads through the Cloud Security Explorer. According to a report published on ...
2 weeks ago Cybersecuritynews.com
CVE-2020-4062 - In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)